Zscaler ZIA, ZPA & operational cloud security.
Zscaler is powerful — and demanding. Poorly placed, it becomes a friction point. Properly integrated, it is the backbone of a Zero Trust strategy that delivers on its promise. We support complex deployments, custom API integrations, and hybrid cloud architectures.
Our Zscaler scope covers the full platform: ZIA for internet security, ZPA for Zero Trust access to private applications, ZIdentity for identity management, and all the API integrations that make a difference in production.
Zscaler Internet Access (ZIA)
ZIA platform design, rollout and operation: URL Filtering, Firewall Filtering, SSL Inspection, Cloud App Control, Sandbox, Bandwidth Control policies. Location Group design per site / VPN / mobile, sub-cloud management, traffic optimisation and end-user experience tuning.
On the API side, we know how to authenticate cleanly via the ZIdentity tenant with OAuth2 (any vanity domain), extract policies for audit, compare against FortiGate baselines, and generate HTML gap analysis reports.
Zscaler Private Access (ZPA)
End-to-end ZPA architecture: Application Segments, Server Groups, App Connectors (HA deployment, scaling, geographic placement), Network Connectors for machine-to-machine flows and non-user use cases. Migration off legacy VPNs to ZPA in progressive mode, segment by segment, without disrupting critical access.
We clearly distinguish the technical role of each component — Network Connector vs App Connector — because the use cases differ and the official Zscaler documentation is the source of truth.
ZIdentity & IdP integration
ZIdentity integration with Azure AD / Entra ID, Okta, or any other SAML IdP: SSO configuration, SCIM provisioning, attribute mapping, fine-grained group management for context-aware policies. OAuth2 authentication setup for API integrations and lifecycle management of technical credentials.
Zero Trust Network Access (ZTNA) — the journey
ZTNA is not a product, it is a journey. We support organisations through the Zero Trust transition: application mapping, flow identification, progressive segmentation, identity + context-based access control (device posture, geolocation, risk). The subject is not just Zscaler — it is also your IdP, your EDR, your MDM, your CMDB.
AWS cloud security & IAM hardening
Beyond Zscaler, we work on hardening your AWS posture: IAM role review, identification of excessive permissions, condition-based policies (MFA, IP, tag), key rotation, transition to instance profiles for EC2 workloads, SigV4 signing for authenticated Bedrock calls without exposing long-term keys.
Custom API integrations
For specific needs (reporting, automation, supervision), we build bespoke integrations:
- ZIdentity OAuth2 authentication + ZIA policy extraction
- FortiManager read via JSON-RPC (ADOM, package, policy)
- Cisco Meraki inventory via REST API
- Splunk HEC indexing for retention and search
- Connecting Claude Code to a Zscaler MCP Server hosted on AWS Bedrock AgentCore via mcp-proxy-for-aws with SigV4 signing
FAQ
Frequently asked.
Are you a Zscaler partner?
Can you intervene on an existing deployment?
Which Zscaler certifications?
Do you do Zscaler "alone" or also Zscaler + Fortinet?
A Zscaler project in flight?
30-minute technical exchange, no commitment. We look at the architecture, the context, and we see if we can help.